Broken AOL Code - spoofing

From: Ryan Sweat (ryansat_private)
Date: Fri Oct 05 2001 - 07:07:23 PDT


    Hello,
    
    When a user logs in to AOL using TCP/IP on a LAN, AOL assigns them a public
    IP address.  This IP address is tunneled to the destination within the AOL
    connection.  The problem I have found is that when any of the common worms on
    the Internet happen to scan the 'AOL IP', the reply from the user's box
    ("destination unreachable/port unreachable") is sent through the LAN with
    the source of the AOL IP address.  Many would consider this spoofing.
    
    It concerns me that computers which run AOL in my LAN are reachable from the
    'outside', providing a way to bypass the security which I have in place at
    my routers and firewalls to prevent such access.
    
    AOL was notified and they stated that "We do not support AOL in networks",
    so if they aren't concerned about it, maybe you guys are.
    
    
    Ryan Sweat
    h3xm3at_private
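
The check a network operator would want after reading this report, added here as an example that is not part of Ryan's message and not code from AOL: an egress anti-spoofing audit over constructed packet records. It flags packets leaving the LAN whose source address is outside the LAN's own prefixes, singles out ICMP type 3/code 3 (destination unreachable / port unreachable) replies, the traffic described above, and emits the iptables egress filter that would stop them at the border. The LAN prefix 192.168.1.0/24, the interface name eth1 and the sample capture are assumptions; the outside addresses are documentation ranges, not AOL's.

```python
"""Egress anti-spoofing audit (added example; not code from the post or from AOL)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Assumed LAN prefix. Any packet leaving the LAN with a source outside it is
# carrying a non-local address, e.g. one assigned by a tunnel on the host.
LAN_PREFIXES = [ipaddress.ip_network("192.168.1.0/24")]

# ICMP type 3 / code 3 is "destination unreachable / port unreachable",
# the reply the post says is emitted with the tunnel-assigned source.
ICMP_DEST_UNREACH_TYPE = 3
ICMP_PORT_UNREACH_CODE = 3


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    icmp_type: int = -1     # only meaningful when proto == "icmp"
    icmp_code: int = -1


def is_local(addr: str, prefixes=LAN_PREFIXES) -> bool:
    """True if addr lies inside one of the LAN's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


def classify(pkt: Packet, prefixes=LAN_PREFIXES) -> str:
    """Verdict for one packet seen on the LAN side of the border router."""
    if is_local(pkt.src, prefixes):
        return "ok"
    if (pkt.proto == "icmp"
            and pkt.icmp_type == ICMP_DEST_UNREACH_TYPE
            and pkt.icmp_code == ICMP_PORT_UNREACH_CODE):
        # Exactly the symptom in the report: a host answering a probe sent
        # to its tunnel-assigned address, using that address as the source.
        return "spoofed-port-unreachable"
    return "spoofed-source"


def audit(packets: Iterable[Packet], prefixes=LAN_PREFIXES) -> List[Tuple[Packet, str]]:
    """Return every packet that should not have left the LAN, with its verdict."""
    findings = []
    for pkt in packets:
        verdict = classify(pkt, prefixes)
        if verdict != "ok":
            findings.append((pkt, verdict))
    return findings


def egress_filter_rules(prefixes=LAN_PREFIXES, lan_iface: str = "eth1") -> List[str]:
    """iptables rules dropping forwarded traffic that arrives on lan_iface with a
    source outside the LAN prefixes (standard egress anti-spoofing; iface assumed)."""
    rules = ["iptables -N EGRESS_CHECK"]
    for net in prefixes:
        rules.append(f"iptables -A EGRESS_CHECK -s {net} -j RETURN")
    rules.append("iptables -A EGRESS_CHECK -j DROP")
    rules.append(f"iptables -I FORWARD -i {lan_iface} -j EGRESS_CHECK")
    return rules


# Constructed sample capture: two ordinary LAN packets, then the two kinds of
# non-local-source packet the audit should catch. 198.51.100.7 stands in for
# a tunnel-assigned public address; 203.0.113.0/24 plays the scanning worm.
SAMPLE_CAPTURE = [
    Packet("192.168.1.10", "203.0.113.5", "tcp"),
    Packet("192.168.1.11", "203.0.113.9", "udp"),
    Packet("198.51.100.7", "203.0.113.5", "icmp",
           ICMP_DEST_UNREACH_TYPE, ICMP_PORT_UNREACH_CODE),
    Packet("198.51.100.7", "203.0.113.9", "tcp"),
]

if __name__ == "__main__":
    for pkt, verdict in audit(SAMPLE_CAPTURE):
        print(f"{verdict:26} {pkt.src} -> {pkt.dst} ({pkt.proto})")
    print("\n".join(egress_filter_rules()))
```

The audit only tells you the tunnel is leaking; the filter rules are the fix at the router. Because the dedicated chain RETURNs for every legitimate LAN prefix and drops everything else, it composes with an existing FORWARD policy and with more than one LAN prefix, which a single negated `! -s` match would not.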
    



    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 09:29:16 PDT